Introduction
At SII360, we are committed to maintaining the security and integrity of our products and services. We recognize the valuable role that security researchers and individuals play in identifying and reporting security vulnerabilities. We appreciate your efforts in helping us keep our systems safe and secure.
Reporting Vulnerabilities
If you discover a potential security vulnerability in any of our products or services, we encourage you to report it to us. We take all reports seriously and will investigate and address the issue promptly. Your responsible disclosure of security vulnerabilities helps us protect our users and strengthen our security.
How to Report a Vulnerability
To report a security vulnerability, please send an email to securityreporting@sii360.ca with the following information:
- Description of the vulnerability: Please provide a detailed description of the security issue, including any relevant technical details, proof-of-concept code, or steps to reproduce the vulnerability.
- Your contact information: We may need to get in touch with you to seek further information or provide updates on the status of the issue. Please include your name and a preferred method of contact.
Our Commitment
Collaboration
We are committed to working collaboratively with individuals and security researchers to address security vulnerabilities. When you report a vulnerability to us, you can expect the following:
- Timely Response: We will acknowledge the receipt of your report within 5 business days.
- Investigation: Our security team will investigate the reported issue to assess its validity and impact, and a resonable timeline to resolution that will be communicated to you.
- Communication: We will maintain open and transparent communication with you throughout the process, providing regular updates on the status of the issue and our progress in resolving it.
- Resolution: Once the vulnerability is verified, we will work diligently to develop and implement a resolution.
Legal Protection
SII360 will not take legal action against individuals who report security vulnerabilities in good faith. We appreciate the responsible and ethical reporting of security issues and will not pursue legal action provided the following conditions are met:
- You make a reasonable effort to avoid privacy violations, destruction of data, and interruption or degradation of our services during your research.
- You do not disclose the vulnerability or any related information to the public or third parties without our consent.
- You comply with all applicable laws and regulations in your research and reporting activities.
Reward Program
To express our gratitude for your responsible disclosure efforts, SII360 may, at its sole discretion, offer swag or monetary rewards or other recognition to individuals who report significant security vulnerabilities. The eligibility for rewards will be determined on a case-by-case basis.
Scope
This security reporting policy applies to all SII360 products and services. It is important to note that any unauthorized testing or scanning of our systems may be considered a violation of our terms of service and may result in legal action, especially if it degrades service during your research. If you will be doing research on our systems, we do appreciate your efforts, and we encourage you to contact us BEFORE actively researching to establish open communication in good faith, and/or as soon as posisble after discovering a vulnerability.
Contact Us
If you have any questions or concerns about our security reporting policy or the responsible disclosure of security vulnerabilities, please contact us at securityreporting@sii360.ca
Thank you for helping us keep SII360, our Customers, and Employees safe and secure.
Last Updated: 2025 March 28